<?php

/*
////////////////////////////////////////////////////////////////////////////////
// JohnCMS v.1.1.0                     30.05.2008                             //
// Официальный сайт сайт проекта:      http://johncms.com                     //
// Дополнительный сайт поддержки:      http://gazenwagen.com                  //
////////////////////////////////////////////////////////////////////////////////
// JohnCMS core team:                                                         //
// Евгений Рябинин aka john77          john77@gazenwagen.com                  //
// Олег Касьянов aka AlkatraZ          alkatraz@gazenwagen.com                //
//                                                                            //
// Плагиат и удаление копирайтов заруганы на ближайших родственников!!!       //
////////////////////////////////////////////////////////////////////////////////
*/

defined('_IN_JOHNADM') or die('Error: restricted access');

if ($rights < 7)
    die('Error: restricted access');
$lng_news = core::load_lng('news');
function timer($var = '') {
	global $lng_news;
	if($var <= 0)
		return;
	if(86400 > $var) {
		if(3600 > $var) {
			if(60 > $var) {
				$time = $var;
				return $time . ' ' . $lng_news['sec'] . '.';
			} else if(60 <= $var && (60 * 2) > $var) {
				return $lng_news['one_minute'];
			}
			$hours = (60 - ceil((3600 - $var) / 60));
			return $hours . ' ' . $lng_news['minute'] . '.';
		} else if(3600 <= $var && (3600 * 2) > $var) {
			return $lng_news['one_hour'];
		}
		$days = (24 - ceil((86400 - $var) / 3600));
		return $days . ' ' . $lng_news['hour'] . '.';
	} else if(86400 <= $var && (86400 * 2) > $var) {
		return $lng_news['one_day'];
	}
	$days = ceil($var / 86400);
	return $days . ' дн.';
}
echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['news'] . '</div>';
switch ($mod) {
    case 'add' :
		if (isset ($_POST['submit'])) {
			
			$name = isset ($_POST['name']) ? trim($_POST['name']) : '';
			
			$error = array();
			
			if(empty($name))
				$error[] = $lng_news['error_empty_category']. '!';
			
			else if (mb_strlen($name) < 2 || mb_strlen($name) > 50)
				$error[] = $lng_news['error_long_cat']. '!';
			
			if(empty($error)) {
				$q = mysql_query("SELECT * FROM `cms_news_cat` WHERE `name`='" . mysql_real_escape_string($name) . "' LIMIT 1");
                if (mysql_num_rows($q)) {
					$error[] = $lng_news['category_already_exists']. '!';
				}
			}
			if(empty($error)) {
				$req = mysql_query("SELECT `realid` FROM `cms_news_cat` ORDER BY `realid` DESC LIMIT 1");
                if (mysql_num_rows($req)) {
                    $res = mysql_fetch_assoc($req);
                    $sort_id = $res['realid'] + 1;
                } else {
                    $sort_id = 1;
                }
				
				mysql_query("INSERT INTO `cms_news_cat` SET
				`realid` = '$sort_id',
                `name` = '" . mysql_real_escape_string($name) . "'");
				$img_id = mysql_insert_id();
				
				require_once ('../incfiles/lib/class.upload.php');
				$handle = new upload($_FILES['imagefile']);
				if ($handle->uploaded) {
					// Обрабатываем фото
					$handle->file_new_name_body = 'ico_cat_' . $img_id;
					$handle->allowed = array('image/jpeg', 'image/jpg', 'image/gif', 'image/png');
					$handle->file_max_size = 1024 * $set['flsz'];
					$handle->file_overwrite = true;
					$handle->image_resize = true;
					$handle->image_x = 16;
					$handle->image_y = 16;
					$handle->image_convert = 'jpg';
					$handle->process('../files/news/');
					if($handle->processed)
						@ chmod('../files/news/ico_cat_' . $img_id . '.jpg', 0666);
					$handle->clean();
				}
				
				Header('Location: index.php?act=news');
				
			} else {
				echo functions::display_error($error, '<a href="index.php?act=news&amp;mod=add">' . $lng['repeat'] . '</a>');
			}
			
		} else {
			echo '<form action="index.php?act=news&amp;mod=add" method="post" enctype="multipart/form-data">
			<div class="gmenu"><p>
			<b>' . $lng['title'] . ':</b><br />
			<input type="text" name="name" /><br /><small>' . $lng_news['recommended_long_category'] . '</small><br />
			<b>' . $lng_news['icon_category'] . ':</b><br />
			<input type="file" name="imagefile"/><br />
			<small>' . $lng_news['allowed_formats'] . ' ' . $set['flsz'] . ' ' . $lng_news['allowed_formats2'] . '</small><br />
			<input type="hidden" name="MAX_FILE_SIZE" value="' . (1024 * $set['flsz']) . '" />
			</p><p><input type="submit" value="' . $lng['add'] . '" name="submit" />
			</p></div></form>';
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	case 'up' :
		////////////////////////////////////////////////////////////
        // Displacement on one position upwards                      //
        ////////////////////////////////////////////////////////////
		if ($id) {
			$req = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
				$res1 = mysql_fetch_assoc($req);
				$sort = $res1['realid'];
				$req = mysql_query("SELECT * FROM `cms_news_cat` WHERE `realid` < '$sort' ORDER BY `realid` DESC LIMIT 1");
				if (mysql_num_rows($req)) {
					$res = mysql_fetch_assoc($req);
					$id2 = $res['id'];
					$sort2 = $res['realid'];
					mysql_query("UPDATE `cms_news_cat` SET `realid` = '$sort2' WHERE `id` = '$id'");
					mysql_query("UPDATE `cms_news_cat` SET `realid` = '$sort' WHERE `id` = '$id2'");
				}
			}
		}
        header('Location: index.php?act=news');
		break;
	case 'down' :
		////////////////////////////////////////////////////////////
        // Displacement on one position downwards                 //
        ////////////////////////////////////////////////////////////
        if ($id) {
            $req = mysql_query("SELECT `realid` FROM `cms_news_cat` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $res1 = mysql_fetch_assoc($req);
                $sort = $res1['realid'];
                $req = mysql_query("SELECT `id`, `realid` FROM `cms_news_cat` WHERE `realid` > '$sort' ORDER BY `realid` ASC LIMIT 1");
                if (mysql_num_rows($req)) {
                    $res = mysql_fetch_assoc($req);
                    $id2 = $res['id'];
                    $sort2 = $res['realid'];
                    mysql_query("UPDATE `cms_news_cat` SET `realid` = '$sort2' WHERE `id` = '$id'");
                    mysql_query("UPDATE `cms_news_cat` SET `realid` = '$sort' WHERE `id` = '$id2'");
                }
            }
        }
		header('Location: index.php?act=news');
		break;
	case 'edit' :
		if($id) {
			$q = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id`='$id' LIMIT 1");
			if (mysql_num_rows($q)) {
				
				$row = mysql_fetch_assoc($q);
				
				if (isset ($_POST['submit'])) {
					
					$name = isset ($_POST['name']) ? trim($_POST['name']) : '';
					
					$error = array();
					
					if(empty($name))
						$error[] = $lng_news['error_empty_category']. '!';
					else if (mb_strlen($name) < 2 || mb_strlen($name) > 50)
						$error[] = $lng_news['error_long_cat']. '!';
					
					if(empty($error)) {
						if($name != $row['name']) {
							$q = mysql_query("SELECT * FROM `cms_news_cat` WHERE `name`='" . mysql_real_escape_string($name) . "' LIMIT 1");
							if (mysql_num_rows($q)) {
								$error[] = $lng_news['category_already_exists']. '!';
							}
						}
					}
					if(empty($error)) {
						mysql_query("UPDATE `cms_news_cat` SET
						`name` = '" . mysql_real_escape_string($name) . "' WHERE `id`='$id' LIMIT 1");
						
						require_once ('../incfiles/lib/class.upload.php');
						$handle = new upload($_FILES['imagefile']);
						if ($handle->uploaded) {
							// Обрабатываем фото
							$handle->file_new_name_body = 'ico_cat_' . $id;
							$handle->allowed = array('image/jpeg', 'image/jpg', 'image/gif', 'image/png');
							$handle->file_max_size = 1024 * $set['flsz'];
							$handle->file_overwrite = true;
							$handle->image_resize = true;
							$handle->image_x = 16;
							$handle->image_y = 16;
							$handle->image_convert = 'jpg';
							$handle->process('../files/news/');
							if($handle->processed)
								@ chmod('../files/news/ico_cat_' . $id . '.jpg', 0666);
							$handle->clean();
						}
						
						Header('Location: index.php?act=news');
						
					} else {
						echo functions::display_error($error, '<a href="index.php?act=news&amp;mod=add">' . $lng['repeat'] . '</a>');
					}
					
				} else {
					echo '<form action="index.php?act=news&amp;mod=edit&amp;id=' . $id . '" method="post" enctype="multipart/form-data">
					<div class="gmenu"><p>
					<b>' . $lng['title'] . ':</b><br />
					<input type="text" name="name" value="' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '"/><br /><small>Мин. 2, макс. 50 символов</small><br />
					<b>' . $lng_news['icon_category'] . ':</b><br />
					<input type="file" name="imagefile"/><br />
					<small>' . $lng_news['allowed_formats'] . ' ' . $set['flsz'] . ' ' . $lng_news['allowed_formats2'] . '</small><br />
					<input type="hidden" name="MAX_FILE_SIZE" value="' . (1024 * $set['flsz']) . '" />
					</p><p><input type="submit" value="' . $lng['edit'] . '" name="submit" />
					</p></div></form>';
				}
			} else {
				echo functions::display_error($lng_news['category_does_not_exist']);
			}
		} else {
			echo functions::display_error($lng_news['category_is_not_chose']);
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	case 'delete' :
		if($id) {
			$q = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id`='$id' LIMIT 1");
			if (mysql_num_rows($q)) {
				if (isset ($_POST['submit'])) {
					$cn = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news` WHERE `refid` = '$id'"), 0);
					if($cn) {
						$reqs = mysql_query("SELECT * FROM `cms_news` WHERE `refid`='$id'");
						$massdel = array();
						while (($row = mysql_fetch_assoc($reqs)) !== false) {
							$massdel[] = $row['id'];
							if(file_exists('../files/news/news_' . $row['id'] . '.jpg') !== false) {
								unlink('../files/news/news_' . $row['id'] . '.jpg');
								unlink('../files/news/small_news_' . $row['id'] . '.jpg');
							}
						}
						if($massdel) {
							$result = implode(',', $massdel);
							mysql_query("DELETE FROM `cms_news` WHERE `id` IN (" . $result . ")");
							mysql_query("DELETE FROM `cms_news_comments` WHERE `refid` IN (" . $result . ")");
						}
					}
					mysql_query("DELETE FROM `cms_news_cat` WHERE `id` = '$id'");
					if(file_exists('../files/news/ico_cat_' . $id . '.jpg') !== false)
						unlink('../files/news/ico_cat_' . $id . '.jpg');
					Header('Location: index.php?act=news');
				} else {
					echo '<form action="index.php?act=news&amp;mod=delete&amp;id=' . $id . '" method="post">
					<div class="gmenu"><p>
					' . $lng_news['removing_category'] . '
					</p><p><input type="submit" value="' . $lng['delete'] . '" name="submit" />
					</p></div></form>';
				}
			} else {
				echo functions::display_error($lng_news['category_does_not_exist']);
			}
		} else {
			echo functions::display_error($lng_news['category_is_not_chose']);
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	case 'delnews' :
		if($id) {
			if(mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news` WHERE `id`='$id'"), 0) != 0) {
				if (isset ($_POST['submit'])) {
					if(file_exists('../files/news/news_' . $id . '.jpg') !== false) {
						unlink('../files/news/news_' . $id . '.jpg');
						unlink('../files/news/small_news_' . $id . '.jpg');
					}
					mysql_query("DELETE FROM `cms_news` WHERE `id`='$id'");
					mysql_query("DELETE FROM `cms_news_comments` WHERE `refid`='$id'");
					
					echo '<div class="rmenu">Новость удалена.</div>';
				} else {
					echo '<form action="index.php?act=news&amp;mod=delnews&amp;id=' . $id . '" method="post">
					<div class="gmenu"><p>
					' . $lng_news['removing_news'] . '
					</p><p><input type="submit" value="' . $lng['delete'] . '" name="submit" />
					</p></div></form>';
				}
			} else {
				echo functions::display_error($lng_news['news_does_not_exist']);
			}
		} else {
			echo functions::display_error($lng_news['news_is_not_chose']);
		}
	break;
	case 'clear' :
		echo '<div class="phdr">' . $lng_news['cleaning_the_news'] . '</div>';
            if (isset ($_POST['submit'])) {
                $cl = isset ($_POST['cl']) ? intval($_POST['cl']) : '';
                switch ($cl) {
                    case '1' :
                        $reqs = mysql_query("SELECT * FROM `cms_news` WHERE `time`<='" . ($realtime - 604800) . "'");
						$massdel = array();
						while (($row = mysql_fetch_assoc($reqs)) !== false) {
							$massdel[] = $row['id'];
							if(file_exists('../files/news/news_' . $row['id'] . '.jpg') !== false) {
								unlink('../files/news/news_' . $row['id'] . '.jpg');
								unlink('../files/news/small_news_' . $row['id'] . '.jpg');
							}
						}
						if($massdel) {
							$result = implode(',', $massdel);
							mysql_query("DELETE FROM `cms_news` WHERE `id` IN (" . $result . ")");
							mysql_query("DELETE FROM `cms_news_comments` WHERE `refid` IN (" . $result . ")");
							mysql_query("OPTIMIZE TABLE `cms_news`, `cms_news_comments`;");
						}
                        echo '<p class="rmenu">' . $lng_news['clear_week_confirmation'] . '</p>';
                        break;

                    case '2' :
                        // Проводим полную очистку
						$reqs = mysql_query("SELECT * FROM `cms_news` WHERE `time`<='" . ($realtime - 604800) . "'");
						while (($row = mysql_fetch_assoc($reqs)) !== false) {
							if(file_exists('../files/news/news_' . $row['id'] . '.jpg') !== false) {
								unlink('../files/news/news_' . $row['id'] . '.jpg');
								unlink('../files/news/small_news_' . $row['id'] . '.jpg');
							}
						}
						mysql_query("TRUNCATE TABLE `cms_news`");
						mysql_query("TRUNCATE TABLE `cms_news_comments`");
                        
                        echo '<p class="rmenu">' . $lng_news['clear_all_confirmation'] . '.</p>';
                        break;

                    default :
                        // Чистим сообщения, старше 1 месяца
						$reqs = mysql_query("SELECT * FROM `cms_news` WHERE `time`<='" . ($realtime - 2592000) . "'");
						$massdel = array();
						while (($row = mysql_fetch_assoc($reqs)) !== false) {
							$massdel[] = $row['id'];
							if(file_exists('../files/news/news_' . $row['id'] . '.jpg') !== false) {
								unlink('../files/news/news_' . $row['id'] . '.jpg');
								unlink('../files/news/small_news_' . $row['id'] . '.jpg');
							}
						}
						if($massdel) {
							$result = implode(',', $massdel);
							mysql_query("DELETE FROM `cms_news` WHERE `id` IN (" . $result . ")");
							mysql_query("DELETE FROM `cms_news_comments` WHERE `refid` IN (" . $result . ")");
							mysql_query("OPTIMIZE TABLE `cms_news`, `cms_news_comments`;");
						}
                        echo '<p class="rmenu">' . $lng_news['clear_month_confirmation'] . '.</p>';
                }
            } else {
                echo '<div class="gmenu"><p><u>' . $lng_news['way_peelings'] . '</u>';
                echo '<form id="clean" method="post" action="index.php?act=news&amp;mod=clear"><div>';
                echo '<input type="radio" name="cl" value="0" checked="checked" />' . $lng_news['clear_month'] . '<br />';
                echo '<input type="radio" name="cl" value="1" />' . $lng_news['clear_week'] . '<br />';
                echo '<input type="radio" name="cl" value="2" />' . $lng['clear_all'] . '<br />';
                echo '<input type="submit" name="submit" value="' . $lng['clear'] . '" /></div>';
                echo '</form></p></div>';
            }
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
		
	case 'ico' :
		if($id) {
			$q = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id`='$id' LIMIT 1");
			if (mysql_num_rows($q)) {
				if (isset ($_POST['submit'])) {
					if(file_exists('../files/news/ico_cat_' . $id . '.jpg') !== false)
						unlink('../files/news/ico_cat_' . $id . '.jpg');
					Header('Location: index.php?act=news');
				} else {
					echo '<form action="index.php?act=news&amp;mod=ico&amp;id=' . $id . '" method="post" enctype="multipart/form-data">
					<div class="gmenu"><p>
					' . $lng_news['confirm_removing_icon'] . '
					</p><p><input type="submit" value="' . $lng['delete'] . '" name="submit" />
					</p></div></form>';
				}
			} else {
				echo functions::display_error($lng_news['category_does_not_exist']);
			}
		} else {
			echo functions::display_error($lng_news['category_is_not_chose']);
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	
	case 'list' :
		$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news`"), 0);
		if($total) {
			$req = mysql_query("SELECT `id`, `name`, `text`, `time` FROM `cms_news` ORDER BY `time` DESC LIMIT "
						  . $start . "," . $kmess);
			$i = 1;
			while (($row = mysql_fetch_assoc($req)) !== false) {
				echo $i % 2 ? '<div class="list1">' : '<div class="list2">';
				if(file_exists('../files/news/small_news_' . $row['id'] . '.jpg') !== false) {
					echo '<table cellpadding="0" cellspacing="0" width="100%"><tr><td width="32">';
					echo '<img style="margin: 0 0 -3px 0;border: 0px;" src="../files/news/small_news_' . $row['id'] . '.jpg" alt="" width="32" height="32"/>&#160;';
					echo '</td><td>';
					echo '<a href="../news/index.php?act=view&amp;id=' . $row['id'] . '">' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '</a> <br />(' . date('d.m.o / H:i', $row['time'] + $sdvigclock * 3600) . ')<br />';
					echo '</td></tr></table>';
				} else {
					echo '<a href="../news/index.php?act=view&amp;id=' . $row['id'] . '">' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '</a> (' . date('d.m.o / H:i', $row['time'] + $sdvigclock * 3600) . ')<br />';
				}
				echo '<div class="sub"></div>';
				$text = $row['text'];
				if(mb_strlen($text) > 100) {
					$str = mb_substr($text, 0, 100);
					$text = mb_substr($str, 0, mb_strrpos($str, ' ')) . '...';
				}
				echo functions::checkout($text, 2, 1);
				if($row['time'] > time())
					echo '<div class="sub func">' . $lng_news['begin_show_through'] . ': ' . timer($row['time'] - time()) . '</div>';
				echo '</div>
				<div class="bmenu"><a href="index.php?act=news&amp;mod=newsedit&amp;id=' . $row['id'] . '">Изменить</a> | <a href="index.php?act=news&amp;mod=delnews&amp;id=' . $row['id'] . '">Удилить</a></div>';
				++$i;
			}
			echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
			if ($total > $kmess) {
				echo '<p>' . functions::display_pagination('index.php?act=news&amp;mod=list&amp;', $start, $total, $kmess) . '</p>';
				echo '<p><form action="index.php" method="get">
				<input type="hidden" name="act" value="mod_news"/>
				<input type="hidden" name="mod" value="list"/>
				<input type="text" name="page" size="2"/>
				<input type="submit" value="' . $lng['to_page'] . ' &gt;&gt;"/></form></p>';
			}
		} else {
			echo '<div class="rmenu">' . $lng_news['news_no'] . '</div>';
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	
	case 'news' :
		$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news_cat`"), 0);
		if($total) {
			if (isset ($_POST['submit'])) {
				$time = time();
				$timer = time();
				$date['day'] = date('d', $time);
				$date['year'] = date('o', $time);
				$date['month'] = date('m', $time);
				$date['i'] = date('i', $time);
				$date['h'] = date('h', $time);
				
				$name = isset ($_POST['name']) ? trim($_POST['name']) : '';
				$text = isset ($_POST['text']) ? trim($_POST['text']) : '';
				$cat = isset($_POST['cat']) ? abs(intval($_POST['cat'])) : 0;
				$day = isset($_POST['day']) && $_POST['day'] >= 1 && $_POST['day'] <= 31 ? abs(intval($_POST['day'])) : 0;
				$month = isset($_POST['month']) && $_POST['month'] >= 1 && $_POST['month'] <= 12 ? abs(intval($_POST['month'])) : 0;
				$year = isset($_POST['year']) && $_POST['year'] >= $date['year'] && $_POST['year'] <= ($date['year'] + 1) ? abs(intval($_POST['year'])) : 0;
				
				$hour = isset($_POST['hour']) && $_POST['hour'] >= 0 && $_POST['hour'] <= 24 ? abs(intval($_POST['hour'])) : 0;
				$minutes = isset($_POST['minutes']) && $_POST['minutes'] >= 0 && $_POST['minutes'] <= 60 ? abs(intval($_POST['minutes'])) : 0;
				
				$error = array();
		
				$error = array();
				
				if(empty($name))
					$error[] = $lng_news['news_name_not_empty'] . '!';
				else if (mb_strlen($name) < 2 || mb_strlen($name) > 150)
					$error[] = $lng_news['error_long_news'] . '!';
				if(empty($text))
					$error[] = $lng_news['news_text_not_empty'] . '!';
				else if (mb_strlen($text) < 2 || mb_strlen($text) > 30000)
					$error[] = $lng_news['error_long_news_text'] . '!';
				if(!$cat)
					$error[] = $lng_news['category_is_not_chose'] . '!';
					
				if(empty($day) || empty($month) || empty($year))
					$timer = 0;
				else 
					$time = strtotime("$day.$month.$year.$hour.$minutes");
				/*
				if(!empty($timer) && $time < time())
					$error[] = 'Не верная дата!';
				*/
				if(!$error) {
					$data = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id`='$cat';");
					if(!mysql_num_rows($data))
						$error[] = $lng_news['category_does_not_exist'] . '!';
				}
				
				if(empty($error)) {
					$q = mysql_query("SELECT * FROM `cms_news` WHERE `name`='" . mysql_real_escape_string($name) . "' LIMIT 1");
					if (mysql_num_rows($q)) {
						$error[] = $lng_news['news_already_exists'] . '!';
					}
				}
				
				if(empty($error)) {
					
					mysql_query("INSERT INTO `cms_news` SET
					`refid` = '$cat',
					`name` = '" . mysql_real_escape_string($name) . "',
					`text` = '" . mysql_real_escape_string($text) . "',
					`user_id` = '" . $user_id . "',
					`time` = '" . $time . "'");
					
					$img_id = mysql_insert_id();
					
					require_once ('../incfiles/lib/class.upload.php');
					$handle = new upload($_FILES['imagefile']);
					if ($handle->uploaded) {
						// Обрабатываем фото
						$handle->file_new_name_body = 'news_' . $img_id;
						$handle->allowed = array('image/jpeg', 'image/jpg', 'image/gif', 'image/png');
						$handle->file_max_size = 1024 * $set['flsz'];
						$handle->file_overwrite = true;
						$handle->image_resize = true;
						$handle->image_x = 100;
						$handle->image_ratio_y = true;
						$handle->image_convert = 'jpg';
						$handle->process('../files/news/');
						if($handle->processed) {
							@ chmod('../files/news/news_' . $img_id . '.jpg', 0666);
						}
						
						$handle->file_new_name_body = 'small_news_' . $img_id;
						$handle->image_x = 32;
						$handle->image_y = 32;
						$handle->image_convert = 'jpg';
						$handle->process('../files/news/');
						if($handle->processed) {
							@ chmod('../files/news/small_news_' . $img_id . '.jpg', 0666);
						}
						
					}
					$handle->clean();
					
					Header('Location: ../news/index.php?act=view&id='.$img_id);
					
				} else {
					echo functions::display_error($error, '<a href="index.php?act=news&amp;mod=news">' . $lng['repeat'] . '</a>');
				}
				
			} else {
				echo '<form action="index.php?act=news&amp;mod=news" method="post" enctype="multipart/form-data">
				<div class="gmenu"><p>
				<b>' . $lng_news['name_news'] . ':</b><br />
				<input type="text" name="name" /><br />
				<small>' . $lng_news['recom_long_news_name'] . '</small><br />
				<b>' . $lng_news['name_text'] . ':</b><br />
				<textarea name="text" cols="24" rows="4"></textarea><br />
				<small>' . $lng_news['recom_long_news_text'] . '</small><br />
				<b>' . $lng['category'] . ':</b><br />
				<select name="cat">';
				$req = mysql_query("SELECT * FROM `cms_news_cat` ORDER BY `realid` ASC");
				while (($row = mysql_fetch_assoc($req)) !== false) {
					echo '<option value="' . $row['id'] . '">' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '</option>';
				}
				echo '</select><br /><b>' . $lng_news['its_date'] . ':</b><br />
				<table><tr>
				<td><span style="text-decoration: underline;">' . $lng['day'] . '</span><br />
				<input type="text" value="" size="2" maxlength="2" name="day" />.</td>
				<td><span style="text-decoration: underline;">' . $lng_news['month'] . '</span><br />
				<input type="text" value="" size="2" maxlength="2" name="month" />.</td>
				<td><span style="text-decoration: underline;">' . $lng_news['year'] . '</span><br />
				<input type="text" value="" size="4" maxlength="4" name="year" />-</td>
				<td><span style="text-decoration: underline;">' . $lng_news['hour'] . '</span><br />
				<input type="text" value="" size="2" maxlength="2" name="hour" />:</td>
				<td><span style="text-decoration: underline;">' . $lng_news['minutes'] . '</span><br />
				<input type="text" value="" size="2" maxlength="2" name="minutes" /></td>
				</tr></table>
				<small>' . $lng_news['unnecessary_field'] . ' ' . date('d.m.o / H:i', time() + $sdvigclock * 3600) . '<br />
				' . $lng_news['unnecessary_field2'] . '</small><br />
				<b>' . $lng_news['picture_to_news'] . ':</b><br />
				<input type="file" name="imagefile"/><br />
				<small>' . $lng_news['allowed_formats'] . ' ' . $set['flsz'] . ' кб.<br />
				</small>
				<input type="hidden" name="MAX_FILE_SIZE" value="' . (1024 * $set['flsz']) . '" />
				</p><p><input type="submit" value="' . $lng['add'] . '" name="submit" />
				</p></div></form>';
			}
		} else {
			echo '<div class="rmenu">' . $lng_news['not_nor_one_categories'] . '</div>';
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	
	
	case 'newsedit' :
		if($id) {
			$q = mysql_query("SELECT * FROM `cms_news` WHERE `id`='$id' LIMIT 1");
			if (mysql_num_rows($q)) {
				$row = mysql_fetch_assoc($q);
				
				$day = date('d', $row['time']);
				$year= date('o', $row['time']);
				$month = date('m', $row['time']);
				$minutes = date('i', $row['time']);
				$hour = date('H', $row['time']);
				
				if (isset ($_POST['submit'])) {
					$time = time();
					$timer = time();
					
					$date['day'] = date('d', $time);
					$date['year'] = date('o', $time);
					$date['month'] = date('m', $time);
					$date['i'] = date('i', $time);
					$date['h'] = date('H', $time);
					
					$name = isset ($_POST['name']) ? trim($_POST['name']) : '';
					$text = isset ($_POST['text']) ? trim($_POST['text']) : '';
					$cat = isset($_POST['cat']) ? abs(intval($_POST['cat'])) : 0;
					$day = isset($_POST['day']) && $_POST['day'] >= 1 && $_POST['day'] <= 31 ? abs(intval($_POST['day'])) : $date['day'];
					$month = isset($_POST['month']) && $_POST['month'] >= 1 && $_POST['month'] <= 12 ? abs(intval($_POST['month'])) : $date['month'];
					$year = isset($_POST['year']) && $_POST['year'] >= $date['year'] && $_POST['year'] <= ($date['year'] + 1) ? abs(intval($_POST['year'])) : $date['year'];
					
					$hour = isset($_POST['hour']) && $_POST['hour'] >= 0 && $_POST['hour'] <= 24 ? abs(intval($_POST['hour'])) : $date['h'];
					$minutes = isset($_POST['minutes']) && $_POST['minutes'] >= 0 && $_POST['minutes'] <= 60 ? abs(intval($_POST['minutes'])) : $date['i'];
					
					$error = array();
			
					$error = array();
					
					if(empty($name))
						$error[] = $lng_news['news_name_not_empty'] . '!';
					else if (mb_strlen($name) < 2 || mb_strlen($name) > 150)
						$error[] = $lng_news['error_long_news'] . '!';
					if(empty($text))
						$error[] = $lng_news['news_text_not_empty'] . '!';
					else if (mb_strlen($text) < 2 || mb_strlen($text) > 30000)
						$error[] = $lng_news['error_long_news_text'] . '!';
					if(!$cat)
						$error[] = $lng_news['category_is_not_chose'] . '!';
						
					if(empty($day) || empty($month) || empty($year))
						$timer = 0;
					else 
						$time = strtotime("$day.$month.$year.$hour.$minutes");
						
					/*if(!empty($timer) && $time < time() && $time != $row['time']) {
						$error[] = 'Не верная дата!';
					}*/
					if(!$error) {
						$data = mysql_query("SELECT * FROM `cms_news_cat` WHERE `id`='$cat';");
						if(!mysql_num_rows($data))
							$error[] = $lng_news['category_does_not_exist'] . '!';
					}
					
					if(empty($error)) {
						if($name != $row['name']) {
							$q = mysql_query("SELECT * FROM `cms_news` WHERE `name`='" . mysql_real_escape_string($name) . "' LIMIT 1");
							if (mysql_num_rows($q)) {
								$error[] = $lng_news['news_already_exists'] . '!';
							}
						}
					}
					
					if(empty($error)) {
						
						mysql_query("UPDATE `cms_news` SET
						`refid` = '$cat',
						`name` = '" . mysql_real_escape_string($name) . "',
						`text` = '" . mysql_real_escape_string($text) . "',
						`user_id` = '" . $user_id . "',
						`time` = '" . $time . "' WHERE `id`='$id'");
						
						//$img_id = mysql_insert_id();
						
						require_once ('../incfiles/lib/class.upload.php');
						$handle = new upload($_FILES['imagefile']);
						if ($handle->uploaded) {
							
							// Обрабатываем фото
							$handle->file_new_name_body = 'news_' . $id;
							$handle->allowed = array('image/jpeg', 'image/jpg', 'image/gif', 'image/png');
							$handle->file_max_size = 1024 * $set['flsz'];
							$handle->file_overwrite = true;
							$handle->image_resize = true;
							$handle->image_x = 100;
							$handle->image_ratio_y = true;
							$handle->image_convert = 'jpg';
							$handle->process('../files/news/');
							if($handle->processed) {
								@ chmod('../files/news/news_' . $id . '.jpg', 0666);
							}
							
							$handle->file_new_name_body = 'small_news_' . $id;
							$handle->allowed = array('image/jpeg', 'image/jpg', 'image/gif', 'image/png');
							$handle->file_max_size = 1024 * $set['flsz'];
							$handle->file_overwrite = true;
							$handle->image_resize = true;
							$handle->image_x = 32;
							$handle->image_y = 32;
							$handle->image_convert = 'jpg';
							$handle->process('../files/news/');
							if($handle->processed) {
								@ chmod('../files/news/small_news_' . $id . '.jpg', 0666);
							}
						}
						$handle->clean();
						
						Header('Location: ../news/index.php?act=view&id='.$id);
						
					} else {
						echo functions::display_error($error, '<a href="index.php?act=news&amp;mod=news">' . $lng['repeat'] . '</a>');
					}
					
				} else {
					
					echo '<form action="index.php?act=news&amp;mod=newsedit&amp;id=' . $id . '" method="post" enctype="multipart/form-data">
					<div class="gmenu"><p>
					<b>' . $lng_news['name_news'] . ':</b><br />
					<input type="text" name="name" value="' . htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . '" /><br />
					<small>' . $lng_news['recom_long_news_name'] . '</small><br />
					<b>' . $lng_news['name_text'] . ':</b><br />
					<textarea name="text" cols="24" rows="4">' . htmlentities($row['text'], ENT_QUOTES, 'UTF-8') . '</textarea><br />
					<small>' . $lng_news['recom_long_news_text'] . '</small><br />
					<b>' . $lng['category'] . ':</b><br />
					<select name="cat">';
					$req = mysql_query("SELECT * FROM `cms_news_cat` ORDER BY `realid` ASC");
					while (($rows = mysql_fetch_assoc($req)) !== false) {
						echo '<option value="' . $rows['id'] . '"' . ($rows['id'] == $row['refid'] ? ' selected="selected"':'') . '>' . htmlentities($rows['name'], ENT_QUOTES, 'UTF-8') . '</option>';
					}
					echo '</select><br /><b>' . $lng_news['its_date'] . ':</b><br />
					<table><tr>
					<td><span style="text-decoration: underline;">' . $lng['day'] . '</span><br />
					<input type="text" value="' . $day . '" size="2" maxlength="2" name="day" />.</td>
					<td><span style="text-decoration: underline;">' . $lng_news['month'] . '</span><br />
					<input type="text" value="' . $month . '" size="2" maxlength="2" name="month" />.</td>
					<td><span style="text-decoration: underline;">' . $lng_news['year'] . '</span><br />
					<input type="text" value="' . $year . '" size="4" maxlength="4" name="year" />-</td>
					<td><span style="text-decoration: underline;">' . $lng_news['hour'] . '</span><br />
					<input type="text" value="' . $hour . '" size="2" maxlength="2" name="hour" />:</td>
					<td><span style="text-decoration: underline;">' . $lng_news['minutes'] . '</span><br />
					<input type="text" value="' . $minutes . '" size="2" maxlength="2" name="minutes" /></td>
					</tr></table>
					<small>' . $lng_news['unnecessary_field'] . ' ' . date('d.m.o / H:i', time() + $sdvigclock * 3600) . '<br />
					' . $lng_news['unnecessary_field2'] . '</small><br />
					<b>' . $lng_news['picture_to_news'] . ':</b><br />
					<input type="file" name="imagefile"/><br />
					<small>' . $lng_news['allowed_formats'] . ' ' . $set['flsz'] . ' кб.<br />
					</small><br />
					<input type="hidden" name="MAX_FILE_SIZE" value="' . (1024 * $set['flsz']) . '" />
					</p><p><input type="submit" value="' . $lng['edit'] . '" name="submit" />
					</p></div></form>';
				}
			} else {
				echo '<div class="rmenu">' . $lng_news['news_does_not_exist'] . '</div>';
			}
		} else {
			echo '<div class="rmenu">' . $lng_news['news_is_not_chose'] . '</div>';
		}
		echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
		break;
	
	case 'settings':
		/*
		-----------------------------------------------------------------
		Настройки Новостей
		-----------------------------------------------------------------
		*/
		$settings = unserialize($set['news']);
		if (!isset($set['news']) || isset($_GET['reset'])) {
			// Задаем настройки по умолчанию
			$settings = array (
				'view' => '1',
				'size' => '200',
				'quantity' => '3',
				'days' => '7',
				'breaks' => '1',
				'smileys' => '0',
				'tags' => '1',
				'kom' => '1'
			);
			@mysql_query("DELETE FROM `cms_settings` WHERE `key` = 'news'");
			mysql_query("INSERT INTO `cms_settings` SET
				`key` = 'news',
				`val` = '" . mysql_real_escape_string(serialize($settings)) . "'
			");
			echo '<div class="rmenu"><p>' . $lng['settings_default'] . '</p></div>';
		} elseif (isset($_POST['submit'])) {
			// Принимаем настройки из формы
			$settings['view'] = isset($_POST['view']) && $_POST['view'] >= 0 && $_POST['view'] < 4 ? intval($_POST['view']) : 1;
			$settings['size'] = isset($_POST['size']) && $_POST['size'] > 50 && $_POST['size'] < 500 ? intval($_POST['size']) : 200;
			$settings['quantity'] = isset($_POST['quantity']) && $_POST['quantity'] > 0 && $_POST['quantity'] < 16 ? intval($_POST['quantity']) : 3;
			$settings['days'] = isset($_POST['days']) && $_POST['days'] >= 0 && $_POST['days'] < 16 ? intval($_POST['days']) : 7;
			$settings['breaks'] = isset($_POST['breaks']);
			$settings['smileys'] = isset($_POST['smileys']);
			$settings['tags'] = isset($_POST['tags']);
			$settings['kom'] = isset($_POST['kom']);
			mysql_query("UPDATE `cms_settings` SET
				`val` = '" . mysql_real_escape_string(serialize($settings)) . "'
				WHERE `key` = 'news'
			");
			echo '<div class="gmenu"><p>' . $lng['settings_saved'] . '</p></div>';
		} else {
			// Получаем сохраненные настройки
			$settings = unserialize($set['news']);
		}

		/*
		-----------------------------------------------------------------
		Форма ввода настроек
		-----------------------------------------------------------------
		*/
		echo '<form action="index.php?act=news&amp;mod=settings" method="post"><div class="menu"><p>' .
			'<h3>' . $lng['apperance'] . '</h3>' .
			'<input type="radio" value="1" name="view" ' . ($settings['view'] == 1 ? 'checked="checked"' : '') . '/>&#160;' . $lng['heading_and_text'] . '<br />' .
			'<input type="radio" value="2" name="view" ' . ($settings['view'] == 2 ? 'checked="checked"' : '') . '/>&#160;' . $lng['heading'] . '<br />' .
			'<input type="radio" value="3" name="view" ' . ($settings['view'] == 3 ? 'checked="checked"' : '') . '/>&#160;' . $lng['text'] . '<br />' .
			'<input type="radio" value="0" name="view" ' . (!$settings['view'] ? 'checked="checked"' : '') . '/>&#160;<b>' . $lng['dont_display'] . '</b></p>' .
			'<p><input name="breaks" type="checkbox" value="1" ' . ($settings['breaks'] ? 'checked="checked"' : '') . ' />&#160;' . $lng['line_foldings'] . '<br />' .
			'<input name="smileys" type="checkbox" value="1" ' . ($settings['smileys'] ? 'checked="checked"' : '') . ' />&#160;' . $lng['smileys'] . '<br />' .
			'<input name="tags" type="checkbox" value="1" ' . ($settings['tags'] ? 'checked="checked"' : '') . ' />&#160;' . $lng['bbcode'] . '<br />' .
			'<input name="kom" type="checkbox" value="1" ' . ($settings['kom'] ? 'checked="checked"' : '') . ' />&#160;' . $lng['comments'] . '</p>' .
			'<p><h3>' . $lng['text_size'] . '</h3>&#160;' .
			'<input type="text" size="3" maxlength="3" name="size" value="' . $settings['size'] . '" />&#160;(50 - 500)</p>' .
			'<p><h3>' . $lng['news_count'] . '</h3>&#160;' .
			'<input type="text" size="3" maxlength="2" name="quantity" value="' . $settings['quantity'] . '" />&#160;(1 - 15)</p>' .
			'<p><h3>' . $lng['news_howmanydays_display'] . '</h3><input type="text" size="3" maxlength="2" name="days" value="' . $settings['days'] . '" />&#160;(0 - 15)<br />' .
			'<small>0 - ' . $lng['without_limit'] . '</small></p>' .
			'<p><input type="submit" value="' . $lng['save'] . '" name="submit" /></p></div>' .
			'<div class="phdr"><a href="index.php?act=news&amp;mod=settings&amp;reset">' . $lng['reset_settings'] . '</a>' .
			'</div></form>';
			echo '<div class="phdr"><a href="index.php?act=news">' . $lng_news['management_news'] . '</a></div>';
	break;
	
	default:
	$total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news_cat`"), 0);
	if($total) {
		$req = mysql_query("SELECT `id`, `name` FROM `cms_news_cat`
		ORDER BY `realid` ASC LIMIT "
					  . $start . "," . $kmess);
		$i = 1;
		while (($row = mysql_fetch_assoc($req)) !== false) {
			echo $i % 2 ? '<div class="list1">' : '<div class="list2">';
			if(file_exists('../files/news/ico_cat_' . $row['id'] . '.jpg') !== false)
				echo '<a href="index.php?act=news&amp;mod=ico&amp;id=' . $row['id'] . '"><img style="margin: 0 0 -3px 0;border: 0px;" src="../files/news/ico_cat_' . $row['id'] . '.jpg" alt="" width="16" height="16"/></a>&#160;';
			echo htmlentities($row['name'], ENT_QUOTES, 'UTF-8') . ' <a href="../news/index.php?id=' . $row['id'] . '">&raquo;</a>';
			echo '<div class="sub">
			<a href="index.php?act=news&amp;mod=up&amp;id=' . $row['id'] . '">' . $lng['up'] . '</a> | <a href="index.php?act=news&amp;mod=down&amp;id=' . $row['id'] . '">' . $lng['down'] . '</a> | <a href="index.php?act=news&amp;mod=edit&amp;id=' . $row['id'] . '">' . $lng['edit'] . '</a> | <a href="index.php?act=news&amp;mod=delete&amp;id=' . $row['id'] . '">' . $lng['delete'] . '</a>
			</div>';
			echo '</div>';
			++$i;
		}
		echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
		if ($total > $kmess) {
			echo '<p>' . functions::display_pagination('index.php?act=news&amp;', $start, $total, $kmess) . '</p>';
			echo '<p><form action="index.php" method="get">
			<input type="hidden" name="act" value="mod_news"/>
			<input type="text" name="page" size="2"/>
			<input type="submit" value="' . $lng['to_page'] . ' &gt;&gt;"/></form></p>';
		}
	} else {
		echo '<div class="rmenu">' . $lng_news['not_nor_one_categories'] . '</div>';
	}
	echo '<div class="gmenu"><form action="index.php?act=news&amp;mod=add" method="post"><input type="submit" value="' . $lng_news['add_category'] . '" /></form></div>';
	if($total) {
		echo '<div class="gmenu"><form action="index.php?act=news&amp;mod=news" method="post"><input type="submit" value="' . $lng_news['add_news'] . '" /></form></div>';
		echo '<div class="bmenu"><a href="index.php?act=news&amp;mod=list">' . $lng_news['list_news'] . '</a></div>';
		echo '<div class="bmenu"><a href="index.php?act=news&amp;mod=clear">' . $lng_news['clear_news'] . '</a></div>';
	}
	echo '<div class="bmenu"><a href="index.php?act=news&amp;mod=settings">' . $lng['settings'] . '</a></div>';
}
echo '<p class="menu"><a href="../news/">' . $lng['news'] . '</a></p>';
?>